Michael Jones, CCIE, PMP, CISSP, CEH
Sr. Cyber Security Engineer – Active TS/SCI Security Clearance
Alexandria, VA
Open to Relocation Nationwide, 100% Travel Acceptable
mjones@cyberresearchgroup.com
• Over 20 years' experience in the IT industry and over 15 years' experience in cyber security.
• Certified Penetration Tester and IBM AIX System Administrator and Network Engineer, school trained in
Tivoli Netview as well as other Tivoli server management tools.
• In-depth experience with DISA DIACAP, NIST RMF, FISMA standards, both practical application for
networking equipment, desktop configuration, Windows and UNIX servers. Uploaded artifacts to eMASS.
• Have been responsible for ethical hacking and penetration testing.
• Experience in performing Vulnerability Testing and used Tenable Nessus Server and Client, sniffers
including: Wireshark, Netscout Enterprise Sniffer and Observer 6.x.
• Have a very extensive and diverse background with LINUX and many "flavors" of UNIX to include AIX,
IRIX and BSD.
• Knowledge of installing and configuring Cisco routers, switches, firewalls and VPNs.
• Responsible for analyzing possible security threats to overseas sites located in 140 US Consulates in 136
countries with Cisco Mitigation Attack Response Solution (MARS).
• Experience with overseas network security and any new working with threats/risks.
• Extensive experience with On-call 24/7 for overseas and local sites.
• Member of SANS.org, ISC2, and other security related groups.
• Experience conducting drills for site disaster recoveries and leading and making decisions during day-to-day
operations and disaster recovery situations.
• Experience with many firewalls: Juniper, Cisco, F5, Bluecoat, Fortigate, McAfee Sidewinder/NGFW,
Palo Alto, Check Point, Websense.
WORK EXPERIENCE
Sr. Cyber Security Engineer/Consultant
Cyber Research Group – Alexandria, VA - November 2012 to Present
• Responsible for maintaining Cisco PIX/ASA, Cisco Nexus Switches as well as other Cisco products.
• Updated and added rules daily while my work was verified via peer reviews.
• Validated other engineers' work via the peer review system.
• Assisted in the design and modification of new and updated VLANs.
• Responsible for using network sniffers, such as, Wireshark when problems arose on the network.
• Documented changes made to firewalls both in the configuration file and in network documentation.
• Responsible for the installation and maintenance of Checkpoint Firewalls.
• In charge of setting and maintaining change management and emergency change management policies.
• Responsible for maintaining and reporting on Security Threats to CIO.
• Keep up with latest security related techniques and advise on updates to the infrastructure.
• Manage the support of all network and security equipment needed to conduct daily operations.
• Manage any and all critical situations that involve perimeter penetrations.
• Responsible for scheduling any needed / requested training.
• Check firewall logs daily and VPN logs daily and report on any anomalies.
• Responsible for updating and writing new access lists and rule sets.
• Responsible for maintaining and controlling Cisco ASA 5500 series as well as HP Openview.
• Personally responsible for "no access rules" to malicious URLs on both Blue Coat and Checkpoint Firewalls.
• Created new rules for both IPS and IDS devices. (IPS/IDS was the IBM Proventia)
• Responsible for working and managing suspected malware tickets and calls.
• Collect, analyze, correct and remove any suspected malware, spyware, Trojans and / or Virus and Worms.
• Wrote incident reports to Symantec and US CERT when hostile files and code are found.
• Created and updated firewall and IPS, IDS signatures and rules as needed to secure the network.
• Skilled in the use of Remedy for ticketing process and procedures.
• Used FireEye to aid in attack and attack vector investigations.
◦ This enabled us to do TCP traces on the packets that were captured by the tool.
◦ Located hostile malware. In the course of the investigation we were able to locate, copy and neutralize the
malware.
◦ Riverbed was also used to acquire information between an internal system and a possible malware system.
◦ Reports were generated and packets were copied to go through with Wireshark or other packet analyzers to
view all communications between the hostile system and the government system.
• Used Ethical Hacking, PEN testing, Forensic and management tools such as FireEye, IBM Proventia ISS
(IPS/IDS), Imperva (Layer 4 Firewall), BlueCoat Proxy Servers, Barracuda Packet Collectors and
Application Rebuilder, Riverbed Profiler as well as BackTrack LINUX (Forensics), Metasploit and other tools
as specified by US CERT, FCC, NIST and FISMA standards.
• Worked with Cisco PIX 500 series, Cisco FWSM, ASA 5500 and CheckPoint Firewalls R61 - R75.
Sr. Security Analyst / Network Engineer
FDA - Bethesda, MD - January 2011 to October 2012
• Responsible for the installation, configuration and maintenance of all servers and workstations in the
division. This included security scanning and hardening of all workstations and servers.
• Created Shell Scripts in multiple scripting languages.
◦ Used them in OS Crontab as well as web server CGI-Bin.
• Created and updated process and procedure documentation dealing with security or forensic study of
malware.
• Perform on-call duties every other month or as needed according to team schedule.
• Update Ethical Hacking and PEN testing tools such as CANVAS, Metasploit and other tools as specified
by the client and their standards.
• Install and configure Cisco ASA / PIX and Checkpoint firewalls as needed by the customer. Also in charge
of maintaining proper IOS code level and keeping the configurations to a manageable size.
Sr. Security Analyst / Network Engineer
Unisys - Washington, DC - March 2010 to January 2011
• Responsible for the installation, configuration and maintenance of all network security devices. This
included Cisco PIX 525 / 535, ASA 5500.
• Responsible for using and creating shell scripts.
• Created new jobs and processes with korn shell (as an example) in order to be placed in to cron jobs on
given LINUX servers.
• Created and updated processes and procedural documentation for Security Team.
• Updated patches, changed and coded as needed.
• Performed on-call duties every other month or as needed according to team schedule.
• Updated Ethical Hacking and PEN testing tools such as CANVAS, Metasploit and other tools as specified
by Unisys standards.
Sr. Security Analyst / Network Engineer
Architect Of The Capitol - Washington, DC - May 2008 to March 2010
• Responsible for the installation, configuration and maintenance of all network security devices, including:
Checkpoint w/ R70 - R62, Cisco PIX 525 / 535, ASA 5500, done weekly.
• Responsible for using and creating shell scripts.
• Created new jobs and processes with korn shell (as an example) in order to place cron jobs on LINUX servers.
• Worked with NIST and FISMA standards, both practical application for networking equipment, desktop
configuration, Windows and UNIX servers.
• Worked with DCID 6/x.
• Used DISA Gold Disk, along with checklist and scripts.
• Used WebRoot to check organization desktops and servers for spyware and other malware in order to
generate monthly reports.
• Used Symantec Client Security (3.0) enterprise wide, Antivirus (10.0) and Client Firewall.
• Used Symantec SIM for information and risk compliance.
• Responsible for writing new policy and procedures and updating old ones as well as all Security
Information Management.
• Responsible for reviewing proposed changes to the A.O.C. Network with Visio diagrams or PDF files.
• Marked recommendations that went along with proposed changes to the A.O.C. Network.
• Monitored all emergency changes to the network from the security side, made recommendations and
enforced policy during said changes.
• Responsible for ethical hacking and penetration testing. Primarily used Metasploit and Canvas.
• Performed Vulnerability Testing and used Nessus Server and Client, sniffers including: Wireshark,
Netscout Enterprise Sniffer.
• Installed and maintained testing tools in order to perform packet captures and logging of captures.
Sr. Network / Firewall Engineer
IBM - Manassas, VA - September 2007 to March 2008
• Responsible for the installation, configuration and maintenance of all network security devices including:
Cisco PIX 525 / 535, ASA 5500, Cisco IOS 12.4.x, CATOS […] PIXOS 6.x-7.x, and Nokia IP380's, Firewall
Service Module (FWSM) and running CheckPoint Firewall IPSO 3.8+.
• Worked extensively with the VPN Concentrator, Juniper Networks - Netscreen VPN products and device
clustering.
• Worked with Nortel Contivity, Cisco Works, HP OpenView and Eye of the Storm.
• Responsible for the upkeep and maintenance of approximately 20 LINUX servers, all of which required
shell scripting for new jobs and processes, such as processing log files.
• Worked with Perl and JavaScript in order to create new scripts or reverse engineer current scripts.
• Was responsible for setting up a point-to-point VPN connection between PIX 501 and Linksys 54G. Later in
the project we used the "easy vpn config" to switch out the Pix 501 with an ASA 5509.
• Worked with NIST and FISMA standards, both practical application for networking equipment, desktop
configuration, Windows and UNIX servers.
• Responsible for the creation of infrastructure documentation such as Visio diagrams, policies and
procedures, governing changes to configurations or the addition of new rules.
• Updated procedures and conducted drills for site disaster recoveries.
• Installed and maintained ArcSight SIM as well as its daily use for analyzing the different networks.
• Installed, configured and maintained Cisco Load Balancers. Also responsible for weekend and after hours
callouts for troubleshooting.
• Installed and maintained nCircle and used it daily for vulnerability scanning.
• Used Wireshark and Metasploit Framework tools for scanning and capturing data.
• Administered network management software: SolarWinds, CiscoWorks, Tivoli NetView and HP OpenView.
• Created rule-sets in Cisco MARS used to interrogate security logs generated by MARS.
• Monitored firewall logs daily for any changes and suspicious activity.
• Maintained virus, worm and other malicious threat awareness through subscriptions with SANS.org,
CheckPoint, Symantec, Cisco and Microsoft Security Website, and Metasploit.
• Highly skilled in the use and implementation of Checkpoint Dashboard products including Checkpoint NGX
R65 and below.
• Extensive use of packet capture software such as WireShark and Observer.
• Maintained rule sets, policies and code levels on Bluecoat Proxy server and Websense Security Suite.
• Extensive experience with numerous network monitoring, scanning and reporting solutions and Security
Information Management (SIM).
• Used LINUX (RedHat, Slackware) daily.
• Installed and configured Cisco routers using IOS 12.4(2)T with OSPF, EIGRP and static routing; also have
extensive experience in the use of ACLs in routers, firewalls and switches.
• Was responsible for being on 24/7 on-call in the US Army.
Network Engineer / Sr. Security
Independent Contractor - Federal - Washington, DC - April 2007 to September 2007
Responsible for analyzing possible security threats to overseas sites located in 140 US Consulates in 136
countries. Accomplished by using Cisco MARS (Mitigation, Attack, Response, Solution). It was installed and
configured by myself. This solution was able to pull logs from multiple vendor firewalls and systems, then
correlated the obtained information into incidents, events, reporting, attack diagrams and threat matrixes.
• Was responsible for configuring and maintaining the Cisco VPN 3000 Concentrator and Cisco Pix 501 to 535
models and making the 501 talk to a Linksys 54G Wireless Router while in firewall mode for an offsite network.
• Worked with NIST and FISMA standards, both practical application for networking equipment, desktop
configuration, Windows and UNIX servers.
• Setup monitoring of Cisco routers and switch logs using Cisco Works.
• Used Performance Monitoring with SolarWinds Orion and Cisco Works Intranet Performance Monitor.
• Responsible for writing scripts to be used by Cisco Works to automate processes, such as changing Secret
/ VTY and user passwords monthly.
• Used Symantec Client Security (3.0) enterprise wide, included was Antivirus (10.0) and Client Firewall.
• Used Symantec SIM for information and risk compliance.
• On-call 24/7 for emergency response at the DC site as well as making myself available to our overseas sites.
• Was also responsible for configuring bandwidth trending, alerting for critical system processes and devices
listed as down.
◦ The system was configured to send pages / text messages to cell phones as well as emails.
◦ Used extensively to scan, track, prevent and report attempted cyber-attacks against USDA Foreign
Assets. Further assessment of intelligence that originated in the Middle East, North Africa, parts of Israel,
along with other regions and countries that were known to be sympathetic / friendly to those areas yielded
more information on point of origin for suspected attacks. This also provided more intelligence on suspected
internet crime organizations in various regions of the world. Information gathered on suspected terror
groups was passed on to the intelligence organizations while suspected international Internet criminal groups
were passed on to INTERPOL. Also skilled in IBM (SIM) and Symantec (SIM).
• Participation in real-world operations in that region contributed greatly to expert knowledge of the area's
people, cultures, customs, technological demographics, conventional terrorism as well as cybercrime and
terror organizations, which was instrumental in creating network and utilities risk assessments and analysis.
• Had access to all Cisco routers, switches and VPN concentrators of all sites both local and worldwide.
Also skilled in troubleshooting all above listed Cisco devices. Was responsible for upgrading Cisco Secure
ACS and TACACS to TACACS+.
• Tasked with maintaining user VPN accounts and network engineering / admin accounts on TACACS+ so
all equipment could be accessed by the use of a single user id, password and enable / secret passwords.
• Skilled in installing, configuring, maintaining and troubleshooting Juniper devices, such as NetScreen.
• Extensive use of OSPF and EIGRP as primary routing protocols while working for the USDA.
• Worked closely with US State Department and Foreign Agriculture Service upper management to provide
reports in reference to overseas network security and any new possible threats / risks.
• Studied extensively diverse topics and technologies regarded by experts as information warfare, which
consisted of malicious code, including Java Applets, JavaScript, macros and other scripting and markup
languages. Also conducted planned DoS attacks, IP and MAC address spoofing as well as Ethical Hacking
and Cracking (A.K.A. Pen Testing).
• Proved valuable performing risk assessments of new equipment and potentially volatile situations caused
by erroneous configurations or breaches of security.
• Worked with NIST, NIACAP, DIACAP and FISMA procedures and protocols.
• Extensive experience configuring PKI and AES encryption in Cisco Routers and PIX Firewall and ASA
5500 series Cisco Firewalls.
Sr. Network and Security Engineer / Team Leader / Project Manager
IBM Global Services - Ashburn, VA - December 1999 to April 2007
• Responsible for boarding external and internal IBM customers in the Ashburn Virginia Colocation facility.
• Responsible for the annual budget, employee reviews and SAS70 security inspections.
• Worked on a regular basis at a CCNA and CCNP level. At the time I did actually have a CCDA.
• Responsible for the management of 30 employees and contractors, career counseling and annual reviews.
Also responsible for hiring and termination of employees as necessary.
• Daily use of Tivoli Management products such as Netview and Storage Manager. I am also familiar with
almost all IBM products, including HMC AIX systems management tools and Tivoli setup, maintenance and
upgrades.
• Designed, implemented and managed custom Tivoli Netview and Cisco Works 2000 and Cisco Works LSM
2.6 Solutions for customers in Colocation and Fully Managed Environments.
• Also skilled in the use of MRTG on infrastructure devices for measuring bandwidth.
• Skilled in using the reporting element of MRTG.
• Extremely familiar with NIST, both practical application for networking equipment, desktop configuration,
Windows and UNIX servers. Referenced NIST SP 800-50 and SP 800-40 series primarily for safeguarding
MS Windows OS, UNIX / LINUX OS and network printers.
• Use physical security protocols and procedures to include social engineering, shoulder surfing, physical
lock picking and other measures such as dumpster diving to test physical security as well as security
software, packet monitoring software and products such as Solar Winds Orion and downloadable tools
such as TCPDUMP, ETHERRAPE, ETHEREAL as well as password crackers and keystroke recorders to
test logical / virtual security. Also taught techniques to senior staff members that were actively involved in
ongoing security protocols and procedures.
• Thinking out of the box or much like a professional corporate spy when it comes to security.
• Worked with TCP/IP every day. Due to clients and the way they were managed I usually dealt with the first
three layers of the TCP/IP Stack. But have worked extensively with all seven layers at one time or another.
• Installed and configured Cisco 6509 Core switches, Cisco 6504, Cisco 4008 Switches as well as Cisco
1700 series through Cisco 12008 GSR Routers.
• Maintained redundant OC-3 connections to the Colocation site. Used OSPF, EIGRP, RIP, RIP II and
IGRP during router configurations. Also skilled in troubleshooting these protocols using SNMP and its MIB
Database.
• Installed and configured Big-IP F5's. Was also responsible for troubleshooting during weekend and after
hours callouts.
• Skilled in SONET, POS, Frame Relay, T-1, Fractional T-1, ISDN PRI and BRI, I also work well with service
providers such as Sprint and Verizon to complete circuits and projects.
• Was responsible for installing and configuring Cisco and Juniper VPN solutions, servers and clients.
• Highly skilled in troubleshooting both Microsoft workstations and servers. Former MCSE (WinNT 4.0), so
I'm very skilled in Microsoft Operating Systems. (All of them).
• Work extraordinarily well with teams as a team member or as a team lead. I always know my place and
where I stand within a team and never overstep my bounds without prior permission from either the team lead
or management.
• Also skilled with solutions and reporting tools such as Cisco MARS.
• Responsible for troubleshooting customer network equipment such as, Nokia IP 330 and 660 Firewalls
running Checkpoint firewall, Cisco PIX Firewalls as well as Cisco and Nortel Routers and switches.
Checked firewall logs daily for any new issues and ran them against Cisco MARS (Mitigation Attack
Response Solution).
• Wrote process and procedures for Colocation and fully managed network environments.
• Was responsible for leading and decision making during day-to-day operations as well as disaster
recovery situations.
• Designed and built Security and Network Operations Center at the data centers as well as wrote all
Standard Operating Procedures for both NOC and SOC. Also worked shifts when we were short of
employees due to illness and vacations.
US Army Warrant Officer (255N Network Management Technician)
Fort Gordon, GA - May 1990 to January 1996
Network Engineer for the U.S. Army Signal School.
EDUCATION
Master of Science, Computer Science (3.73 GPA)
Virginia Tech, College of Engineering – 1997 - 1999
Blacksburg, VA
CERTIFICATIONS
CCIE Security
CCIE Routing and Switching
CISSP, CEH, PMP, Security+ CE
SKILLS
Network Security (10+ years), Network Management (10+ years), Network Engineering (10+ years),
Firewalls (10+ years), Routers (10+ years), Switches (10+ years), Penetration Testing (10+ years),
Vulnerability Assessments (10+ years).